diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-18 13:28:32 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-22 09:27:31 +0000 |
| commit | e8739b458e6738d5bdbde84c5a7ef8984bef64b4 (patch) | |
| tree | 0b22f1c4a35d89cb0509928dc6c64251d640d2ec /main/linux-grsec | |
| parent | dfde3a5736926775e97680a527bcbae9b482c23f (diff) | |
| download | aports-e8739b458e6738d5bdbde84c5a7ef8984bef64b4.tar.bz2 aports-e8739b458e6738d5bdbde84c5a7ef8984bef64b4.tar.xz | |
main/linux-grsec: upgrade to 3.14.19
Diffstat (limited to 'main/linux-grsec')
| -rw-r--r-- | main/linux-grsec/APKBUILD | 18 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.19-201409180900.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.18-201409141906.patch) | 764 |
2 files changed, 192 insertions, 590 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index c834c05bff..c2a78c55ee 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.18 +pkgver=3.14.19 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=3 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.18-201409141906.patch + grsecurity-3.0-3.14.19-201409180900.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -165,24 +165,24 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -f00741b35127573c3cf085fc43f6e3f0 patch-3.14.18.xz -eb7a53b063df0e0018014049a08f5b40 grsecurity-3.0-3.14.18-201409141906.patch +648647b8a4eb17f057bb64afabdb1d54 patch-3.14.19.xz +467fcb071fd99c070fbcec5a610de079 grsecurity-3.0-3.14.19-201409180900.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 673f80f1d47c0a086782d74d97a4fca1 kernelconfig.x86 b98f73c3b6b466140ad7bb3ffed7d5fe kernelconfig.x86_64 3d79d27ce4aea637042bb70055c35a3d kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -3723d8d91e1bba0ed57a4951e8089ebfaa21ac186c3b729b4d2bad2da3eaed9f patch-3.14.18.xz -a9f82ac307226ea1726e7c7e904627e69ee8016985b73fd4cb8dec4f5768b222 grsecurity-3.0-3.14.18-201409141906.patch +8f168278944be5109f7bcb7488578acb9fdba985ae9fc44a04eefd4fe27d8591 patch-3.14.19.xz +b2f4a4fe2f6ff9fca7fb33427c0f0f09be8bad0684c57cc973d0a75ae320fbce grsecurity-3.0-3.14.19-201409180900.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch da40c2648a5c9c7ee14c0bb8188d11e8ba95e86712f04869a509c27eeea5286e kernelconfig.x86 998cce8502ce26642618e5372b8155f37cd52b8b50bf9a86152db3bacd10fdd1 kernelconfig.x86_64 a2dc0e30e1d1d691768543a17b51efccfc11ef17c04ac08f2b54c95f25dab75d kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -c7c5b281986819cb69592cc4c2b7c7d79f34aa86f21db1dd64b795dda79b5f9df95626dada5c8e0613c58d8d7979f37baf0a87cd458f340018ce61b42e4eb6c5 patch-3.14.18.xz -ff711fc291a3a795a1421936f0e3168ef8a6b92bcad21f9b7a1468945ee33cf9dcb3e56a5424be99af4cc660bd00e1770812ee2beb0fad9b34dd610558bd9cd9 grsecurity-3.0-3.14.18-201409141906.patch +be2cb79e7a9282244db9073160d426497dbb1815ce38050354181adc5d84dff09f597ff6980a3c29553300a2d38aa161ee25b53b8e122eb1891cfbdd950ba3eb patch-3.14.19.xz +a565914f92c2b4375a40ea1c0f17de1678195a7f3e3b51688a4aa541739016670fcb391f301634855df7d4b3d4dd0dbac0ed60e94b6d724f2c0a1a67360e6aa1 grsecurity-3.0-3.14.19-201409180900.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 0afde4aad7f5b33768adbf60a5d0945f2aea75615227263051af09a63c519b9d58bea66c5f4f3d1e64f6d3d4d42b2b17bb44e2e09ac83b202757f7c9534783aa kernelconfig.x86 diff --git a/main/linux-grsec/grsecurity-3.0-3.14.18-201409141906.patch b/main/linux-grsec/grsecurity-3.0-3.14.19-201409180900.patch index 54a332ad20..3cb0c39c14 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.18-201409141906.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.19-201409180900.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 05279d4..c24e149 100644 +index b1746b4..35b5438 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -6847,7 +6847,7 @@ index 1188e00..41cf144 100644 #include <linux/module.h> #include <linux/elfcore.h> diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c -index 7faf5f2..f3d3cf4 100644 +index 71df942..199dd19 100644 --- a/arch/mips/kernel/binfmt_elfo32.c +++ b/arch/mips/kernel/binfmt_elfo32.c @@ -70,6 +70,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; @@ -6863,7 +6863,7 @@ index 7faf5f2..f3d3cf4 100644 + #include <asm/processor.h> - /* + /* These MUST be defined before elf.h gets included */ diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c index 2b91fe8..fe4f6b4 100644 --- a/arch/mips/kernel/i8259.c @@ -6955,10 +6955,10 @@ index 6ae540e..b7396dc 100644 - return sp & ALMASK; -} diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c -index 7da9b76..21578be 100644 +index 60f48fe..a2df508 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c -@@ -658,6 +658,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -790,6 +790,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -6969,7 +6969,7 @@ index 7da9b76..21578be 100644 /* * Notification of system call entry/exit * - triggered by current->work.syscall_trace -@@ -674,6 +678,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) +@@ -806,6 +810,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) tracehook_report_syscall_entry(regs)) ret = -1; @@ -24768,7 +24768,7 @@ index f36bd42..0ab4474 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index a468c0a..c7dec74 100644 +index a468c0a..8b5a879 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -24820,7 +24820,11 @@ index a468c0a..c7dec74 100644 /* * Set up the identity mapping for the switchover. These -@@ -177,8 +198,8 @@ ENTRY(secondary_startup_64) +@@ -174,11 +195,12 @@ ENTRY(secondary_startup_64) + * after the boot processor executes this code. + */ + ++ orq $-1, %rbp movq $(init_level4_pgt - __START_KERNEL_map), %rax 1: @@ -24831,7 +24835,7 @@ index a468c0a..c7dec74 100644 movq %rcx, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -199,10 +220,19 @@ ENTRY(secondary_startup_64) +@@ -199,10 +221,19 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -24839,10 +24843,10 @@ index a468c0a..c7dec74 100644 + btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */ jnc 1f btsl $_EFER_NX, %eax ++ cmpq $-1, %rbp ++ je 1f btsq $_PAGE_BIT_NX,early_pmd_flags(%rip) -+#ifndef CONFIG_EFI + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_PAGE_OFFSET(%rip) -+#endif + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_START(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_END(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMEMMAP_START(%rip) @@ -24852,7 +24856,7 @@ index a468c0a..c7dec74 100644 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -282,6 +312,7 @@ ENTRY(secondary_startup_64) +@@ -282,6 +313,7 @@ ENTRY(secondary_startup_64) * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, * address given in m16:64. */ @@ -24860,7 +24864,7 @@ index a468c0a..c7dec74 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -313,7 +344,7 @@ ENDPROC(start_cpu0) +@@ -313,7 +345,7 @@ ENDPROC(start_cpu0) .quad INIT_PER_CPU_VAR(irq_stack_union) GLOBAL(stack_start) @@ -24869,7 +24873,7 @@ index a468c0a..c7dec74 100644 .word 0 __FINITDATA -@@ -391,7 +422,7 @@ ENTRY(early_idt_handler) +@@ -391,7 +423,7 @@ ENTRY(early_idt_handler) call dump_stack #ifdef CONFIG_KALLSYMS leaq early_idt_ripmsg(%rip),%rdi @@ -24878,7 +24882,7 @@ index a468c0a..c7dec74 100644 call __print_symbol #endif #endif /* EARLY_PRINTK */ -@@ -420,6 +451,7 @@ ENDPROC(early_idt_handler) +@@ -420,6 +452,7 @@ ENDPROC(early_idt_handler) early_recursion_flag: .long 0 @@ -24886,7 +24890,7 @@ index a468c0a..c7dec74 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -447,29 +479,52 @@ NEXT_PAGE(early_level4_pgt) +@@ -447,29 +480,52 @@ NEXT_PAGE(early_level4_pgt) NEXT_PAGE(early_dynamic_pgts) .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0 @@ -24948,7 +24952,7 @@ index a468c0a..c7dec74 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -477,6 +532,9 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -477,6 +533,9 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -24958,7 +24962,7 @@ index a468c0a..c7dec74 100644 NEXT_PAGE(level2_kernel_pgt) /* * 512 MB kernel mapping. We spend a full page on this pagetable -@@ -494,28 +552,64 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -494,28 +553,64 @@ NEXT_PAGE(level2_kernel_pgt) NEXT_PAGE(level2_fixmap_pgt) .fill 506,8,0 .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -34859,7 +34863,7 @@ index 9ee3491..872192f 100644 local_irq_restore(efi_rt_eflags); diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c -index 666b74a..673d88f 100644 +index 666b74a..7c90b04 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -97,6 +97,11 @@ void __init efi_call_phys_prelog(void) @@ -34886,6 +34890,31 @@ index 666b74a..673d88f 100644 __flush_tlb_all(); local_irq_restore(efi_flags); early_code_mapping_set_exec(0); +@@ -141,8 +151,23 @@ int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) + { + pgd_t *pgd; + +- if (efi_enabled(EFI_OLD_MEMMAP)) ++ if (efi_enabled(EFI_OLD_MEMMAP)) { ++ /* PaX: We need to disable the NX bit in the PGD, otherwise we won't be ++ * able to execute the EFI services. ++ */ ++ if (__supported_pte_mask & _PAGE_NX) { ++ unsigned long addr = (unsigned long) __va(0); ++ pgd_t pe = __pgd(pgd_val(*pgd_offset_k(addr)) & ~_PAGE_NX); ++ ++ pr_alert("PAX: Disabling NX protection for low memory map. Try booting without \"efi=old_map\"\n"); ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ set_pgd(pgd_offset_cpu(0, kernel, addr), pe); ++#endif ++ set_pgd(pgd_offset_k(addr), pe); ++ } ++ + return 0; ++ } + + efi_scratch.efi_pgt = (pgd_t *)(unsigned long)real_mode_header->trampoline_pgd; + pgd = __va(efi_scratch.efi_pgt); diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S index fbe66e6..eae5e38 100644 --- a/arch/x86/platform/efi/efi_stub_32.S @@ -36451,7 +36480,7 @@ index c68e724..e863008 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index 3dca36d..abaf070 100644 +index 17f9ec5..d9a455e 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -952,7 +952,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) @@ -40791,10 +40820,10 @@ index 4c3feaa..26391ce 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index 23ca7a5..b6c955d 100644 +index 74ed08a..e81b8c5 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h -@@ -97,7 +97,6 @@ struct nouveau_drm { +@@ -99,7 +99,6 @@ struct nouveau_drm { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -44504,7 +44533,7 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 56e24c0..e1c8e1f 100644 +index d7690f8..3db9ef1 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) @@ -44526,10 +44555,10 @@ index 56e24c0..e1c8e1f 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index cb882aa..cb8aeca 100644 +index a46124e..caf0bd55 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1948,7 +1948,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -44538,7 +44567,7 @@ index cb882aa..cb8aeca 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2307,7 +2307,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2306,7 +2306,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -44547,7 +44576,7 @@ index cb882aa..cb8aeca 100644 ktime_get_ts(&cur_time_mon); -@@ -2329,9 +2329,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2328,9 +2328,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -44559,7 +44588,7 @@ index cb882aa..cb8aeca 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2385,8 +2385,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2384,8 +2384,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -44570,7 +44599,7 @@ index cb882aa..cb8aeca 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2394,7 +2394,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2393,7 +2393,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -44579,7 +44608,7 @@ index cb882aa..cb8aeca 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2549,7 +2549,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2548,7 +2548,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -44588,25 +44617,8 @@ index cb882aa..cb8aeca 100644 } rdev_dec_pending(rdev, mddev); -@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, - */ - if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) { - end_reshape(conf); -+ close_sync(conf); - return 0; - } - -@@ -4411,7 +4412,7 @@ read_more: - read_bio->bi_private = r10_bio; - read_bio->bi_end_io = end_sync_read; - read_bio->bi_rw = READ; -- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1); -+ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS); - read_bio->bi_flags |= 1 << BIO_UPTODATE; - read_bio->bi_vcnt = 0; - read_bio->bi_iter.bi_size = 0; diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 16f5c21..c5d72c7 100644 +index 18cda77..c5d72c7 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -44667,15 +44679,6 @@ index 16f5c21..c5d72c7 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", -@@ -3779,6 +3787,8 @@ static void handle_stripe(struct stripe_head *sh) - set_bit(R5_Wantwrite, &dev->flags); - if (prexor) - continue; -+ if (s.failed > 1) -+ continue; - if (!test_bit(R5_Insync, &dev->flags) || - ((i == sh->pd_idx || i == sh->qd_idx) && - s.failed == 0)) diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c index 983db75..ef9248c 100644 --- a/drivers/media/dvb-core/dvbdev.c @@ -49737,7 +49740,7 @@ index ff75ef8..2dfe00a 100644 /* * fcs_port_sm FCS logical port state machine diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h -index 2e28392..9d865b6 100644 +index a38aafa0..fe8f03b 100644 --- a/drivers/scsi/bfa/bfa_ioc.h +++ b/drivers/scsi/bfa/bfa_ioc.h @@ -258,7 +258,7 @@ struct bfa_ioc_cbfn_s { @@ -50741,7 +50744,7 @@ index fd8ffe6..fd0bebf 100644 err = class_register(&iscsi_transport_class); if (err) diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c -index d47ffc8..30f46a9 100644 +index e3e794e..f72f20c 100644 --- a/drivers/scsi/scsi_transport_srp.c +++ b/drivers/scsi/scsi_transport_srp.c @@ -36,7 +36,7 @@ @@ -50762,7 +50765,7 @@ index d47ffc8..30f46a9 100644 return 0; } -@@ -734,7 +734,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, +@@ -735,7 +735,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, rport_fast_io_fail_timedout); INIT_DELAYED_WORK(&rport->dev_loss_work, rport_dev_loss_timedout); @@ -50772,10 +50775,10 @@ index d47ffc8..30f46a9 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 36d1a23..3f33303 100644 +index e8abb73..faa6fbe 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2962,7 +2962,7 @@ static int sd_probe(struct device *dev) +@@ -2967,7 +2967,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -58686,10 +58689,10 @@ index 7c6b73c..a8f0db2 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 30f6e92..e915ba5 100644 +index f15d435..0f61ef5 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -806,35 +806,35 @@ struct cifs_tcon { +@@ -801,35 +801,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -58749,7 +58752,7 @@ index 30f6e92..e915ba5 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1170,7 +1170,7 @@ convert_delimiter(char *path, char delim) +@@ -1165,7 +1165,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -58758,7 +58761,7 @@ index 30f6e92..e915ba5 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1536,8 +1536,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1531,8 +1531,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -58770,7 +58773,7 @@ index 30f6e92..e915ba5 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 87c4dd0..a90f115 100644 +index 8175b18..9525542 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, @@ -58923,7 +58926,7 @@ index d1fdfa8..94558f8 100644 } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index 35ddc3e..563e809 100644 +index f8977b2..bb38079 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) @@ -59044,10 +59047,10 @@ index 35ddc3e..563e809 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 049a3f2..0f41305 100644 +index 9aab8fe..2bd5f3b 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c -@@ -2099,8 +2099,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -2100,8 +2100,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: cifs_dbg(VFS, "info level %u isn't supported\n", srch_inf->info_level); @@ -59414,20 +59417,10 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index 7f3b400..f91b141 100644 +index 58d57da..f91b141 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -106,8 +106,7 @@ static inline struct hlist_bl_head *d_hash(const struct dentry *parent, - unsigned int hash) - { - hash += (unsigned long) parent / L1_CACHE_BYTES; -- hash = hash + (hash >> d_hash_shift); -- return dentry_hashtable + (hash & d_hash_mask); -+ return dentry_hashtable + hash_32(hash, d_hash_shift); - } - - /* Statistics gathering. */ -@@ -251,7 +250,7 @@ static void __d_free(struct rcu_head *head) +@@ -250,7 +250,7 @@ static void __d_free(struct rcu_head *head) */ static void d_free(struct dentry *dentry) { @@ -59436,7 +59429,7 @@ index 7f3b400..f91b141 100644 this_cpu_dec(nr_dentry); if (dentry->d_op && dentry->d_op->d_release) dentry->d_op->d_release(dentry); -@@ -597,7 +596,7 @@ repeat: +@@ -596,7 +596,7 @@ repeat: dentry->d_flags |= DCACHE_REFERENCED; dentry_lru_add(dentry); @@ -59445,7 +59438,7 @@ index 7f3b400..f91b141 100644 spin_unlock(&dentry->d_lock); return; -@@ -652,7 +651,7 @@ int d_invalidate(struct dentry * dentry) +@@ -651,7 +651,7 @@ int d_invalidate(struct dentry * dentry) * We also need to leave mountpoints alone, * directory or not. */ @@ -59454,7 +59447,7 @@ index 7f3b400..f91b141 100644 if (S_ISDIR(dentry->d_inode->i_mode) || d_mountpoint(dentry)) { spin_unlock(&dentry->d_lock); return -EBUSY; -@@ -668,7 +667,7 @@ EXPORT_SYMBOL(d_invalidate); +@@ -667,7 +667,7 @@ EXPORT_SYMBOL(d_invalidate); /* This must be called with d_lock held */ static inline void __dget_dlock(struct dentry *dentry) { @@ -59463,7 +59456,7 @@ index 7f3b400..f91b141 100644 } static inline void __dget(struct dentry *dentry) -@@ -709,8 +708,8 @@ repeat: +@@ -708,8 +708,8 @@ repeat: goto repeat; } rcu_read_unlock(); @@ -59474,7 +59467,7 @@ index 7f3b400..f91b141 100644 spin_unlock(&ret->d_lock); return ret; } -@@ -793,7 +792,7 @@ restart: +@@ -792,7 +792,7 @@ restart: spin_lock(&inode->i_lock); hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { spin_lock(&dentry->d_lock); @@ -59483,7 +59476,7 @@ index 7f3b400..f91b141 100644 /* * inform the fs via d_prune that this dentry * is about to be unhashed and destroyed. -@@ -885,7 +884,7 @@ static void shrink_dentry_list(struct list_head *list) +@@ -884,7 +884,7 @@ static void shrink_dentry_list(struct list_head *list) * We found an inuse dentry which was not removed from * the LRU because of laziness during lookup. Do not free it. */ @@ -59492,7 +59485,7 @@ index 7f3b400..f91b141 100644 spin_unlock(&dentry->d_lock); continue; } -@@ -931,7 +930,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) +@@ -930,7 +930,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) * counts, just remove them from the LRU. Otherwise give them * another pass through the LRU. */ @@ -59501,7 +59494,7 @@ index 7f3b400..f91b141 100644 d_lru_isolate(dentry); spin_unlock(&dentry->d_lock); return LRU_REMOVED; -@@ -1269,7 +1268,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) +@@ -1268,7 +1268,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) * loop in shrink_dcache_parent() might not make any progress * and loop forever. */ @@ -59510,7 +59503,7 @@ index 7f3b400..f91b141 100644 dentry_lru_del(dentry); } else if (!(dentry->d_flags & DCACHE_SHRINK_LIST)) { /* -@@ -1323,11 +1322,11 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) +@@ -1322,11 +1322,11 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) struct select_data *data = _data; enum d_walk_ret ret = D_WALK_CONTINUE; @@ -59524,7 +59517,7 @@ index 7f3b400..f91b141 100644 goto out; printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%s}" -@@ -1337,7 +1336,7 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) +@@ -1336,7 +1336,7 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) dentry->d_inode ? dentry->d_inode->i_ino : 0UL, dentry->d_name.name, @@ -59533,7 +59526,7 @@ index 7f3b400..f91b141 100644 dentry->d_sb->s_type->name, dentry->d_sb->s_id); BUG(); -@@ -1495,7 +1494,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1494,7 +1494,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) */ dentry->d_iname[DNAME_INLINE_LEN-1] = 0; if (name->len > DNAME_INLINE_LEN-1) { @@ -59542,7 +59535,7 @@ index 7f3b400..f91b141 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; -@@ -1513,7 +1512,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1512,7 +1512,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) smp_wmb(); dentry->d_name.name = dname; @@ -59551,7 +59544,7 @@ index 7f3b400..f91b141 100644 dentry->d_flags = 0; spin_lock_init(&dentry->d_lock); seqcount_init(&dentry->d_seq); -@@ -2276,7 +2275,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) +@@ -2275,7 +2275,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) goto next; } @@ -59560,7 +59553,7 @@ index 7f3b400..f91b141 100644 found = dentry; spin_unlock(&dentry->d_lock); break; -@@ -2375,7 +2374,7 @@ again: +@@ -2374,7 +2374,7 @@ again: spin_lock(&dentry->d_lock); inode = dentry->d_inode; isdir = S_ISDIR(inode->i_mode); @@ -59569,7 +59562,7 @@ index 7f3b400..f91b141 100644 if (!spin_trylock(&inode->i_lock)) { spin_unlock(&dentry->d_lock); cpu_relax(); -@@ -3314,7 +3313,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) +@@ -3313,7 +3313,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) if (!(dentry->d_flags & DCACHE_GENOCIDE)) { dentry->d_flags |= DCACHE_GENOCIDE; @@ -59578,7 +59571,7 @@ index 7f3b400..f91b141 100644 } } return D_WALK_CONTINUE; -@@ -3430,7 +3429,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3429,7 +3429,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -62733,18 +62726,10 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index bdea109..6e919ab 100644 +index d5a4fae..d221b37 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -34,6 +34,7 @@ - #include <linux/device_cgroup.h> - #include <linux/fs_struct.h> - #include <linux/posix_acl.h> -+#include <linux/hash.h> - #include <asm/uaccess.h> - - #include "internal.h" -@@ -330,17 +331,34 @@ int generic_permission(struct inode *inode, int mask) +@@ -331,17 +331,34 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -62782,7 +62767,7 @@ index bdea109..6e919ab 100644 * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -349,14 +367,6 @@ int generic_permission(struct inode *inode, int mask) +@@ -350,14 +367,6 @@ int generic_permission(struct inode *inode, int mask) if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) return 0; @@ -62797,7 +62782,7 @@ index bdea109..6e919ab 100644 return -EACCES; } -@@ -822,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -823,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) { struct dentry *dentry = link->dentry; int error; @@ -62806,7 +62791,7 @@ index bdea109..6e919ab 100644 BUG_ON(nd->flags & LOOKUP_RCU); -@@ -843,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -844,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) if (error) goto out_put_nd_path; @@ -62819,7 +62804,7 @@ index bdea109..6e919ab 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1591,6 +1607,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1592,6 +1607,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); @@ -62828,16 +62813,6 @@ index bdea109..6e919ab 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1624,8 +1642,7 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) - - static inline unsigned int fold_hash(unsigned long hash) - { -- hash += hash >> (8*sizeof(int)); -- return hash; -+ return hash_64(hash, 32); - } - - #else /* 32-bit case */ @@ -1664,7 +1681,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { @@ -62868,7 +62843,7 @@ index bdea109..6e919ab 100644 + } + if (!err && nd->flags & LOOKUP_DIRECTORY) { - if (!d_is_directory(nd->path.dentry)) { + if (!d_can_lookup(nd->path.dentry)) { path_put(&nd->path); @@ -1982,8 +2008,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, @@ -63038,9 +63013,9 @@ index bdea109..6e919ab 100644 audit_inode(name, nd->path.dentry, 0); + error = -EISDIR; - if ((open_flag & O_CREAT) && - (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) -@@ -3180,7 +3274,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, + if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) + goto out; +@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -63049,7 +63024,7 @@ index bdea109..6e919ab 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3198,7 +3292,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -63058,7 +63033,7 @@ index bdea109..6e919ab 100644 put_link(nd, &link, cookie); } out: -@@ -3298,9 +3392,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -63072,7 +63047,7 @@ index bdea109..6e919ab 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3352,6 +3448,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -63093,7 +63068,7 @@ index bdea109..6e919ab 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3414,6 +3524,17 @@ retry: +@@ -3413,6 +3523,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -63111,7 +63086,7 @@ index bdea109..6e919ab 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3430,6 +3551,8 @@ retry: +@@ -3429,6 +3550,8 @@ retry: break; } out: @@ -63120,7 +63095,7 @@ index bdea109..6e919ab 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3482,9 +3605,16 @@ retry: +@@ -3481,9 +3604,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -63137,7 +63112,7 @@ index bdea109..6e919ab 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3565,6 +3695,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -63146,7 +63121,7 @@ index bdea109..6e919ab 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3597,10 +3729,21 @@ retry: +@@ -3596,10 +3728,21 @@ retry: error = -ENOENT; goto exit3; } @@ -63168,7 +63143,7 @@ index bdea109..6e919ab 100644 exit3: dput(dentry); exit2: -@@ -3690,6 +3833,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; @@ -63177,7 +63152,7 @@ index bdea109..6e919ab 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3716,10 +3861,22 @@ retry_deleg: +@@ -3715,10 +3860,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -63200,7 +63175,7 @@ index bdea109..6e919ab 100644 exit2: dput(dentry); } -@@ -3807,9 +3964,17 @@ retry: +@@ -3806,9 +3963,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -63218,7 +63193,7 @@ index bdea109..6e919ab 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3912,6 +4077,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -63226,7 +63201,7 @@ index bdea109..6e919ab 100644 int how = 0; int error; -@@ -3935,7 +4101,7 @@ retry: +@@ -3934,7 +4100,7 @@ retry: if (error) return error; @@ -63235,7 +63210,7 @@ index bdea109..6e919ab 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3947,11 +4113,28 @@ retry: +@@ -3946,11 +4112,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -63264,7 +63239,7 @@ index bdea109..6e919ab 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4238,6 +4421,12 @@ retry_deleg: +@@ -4237,6 +4420,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -63277,7 +63252,7 @@ index bdea109..6e919ab 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4245,6 +4434,9 @@ retry_deleg: +@@ -4244,6 +4433,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); @@ -63287,7 +63262,7 @@ index bdea109..6e919ab 100644 exit5: dput(new_dentry); exit4: -@@ -4281,6 +4473,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -63296,7 +63271,7 @@ index bdea109..6e919ab 100644 int len; len = PTR_ERR(link); -@@ -4290,7 +4484,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -63313,10 +63288,10 @@ index bdea109..6e919ab 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 65233a5..82ac953 100644 +index 75536db..5cda729 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1339,6 +1339,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1369,6 +1369,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -63326,7 +63301,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -1361,6 +1364,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1391,6 +1394,9 @@ static int do_umount(struct mount *mnt, int flags) } unlock_mount_hash(); namespace_unlock(); @@ -63336,7 +63311,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -1380,7 +1386,7 @@ static inline bool may_mount(void) +@@ -1410,7 +1416,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -63345,7 +63320,7 @@ index 65233a5..82ac953 100644 { struct path path; struct mount *mnt; -@@ -1422,7 +1428,7 @@ out: +@@ -1452,7 +1458,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -63354,7 +63329,7 @@ index 65233a5..82ac953 100644 { return sys_umount(name, 0); } -@@ -2431,6 +2437,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2501,6 +2507,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -63371,7 +63346,7 @@ index 65233a5..82ac953 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2445,6 +2461,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2515,6 +2531,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -63381,7 +63356,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -2462,7 +2481,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2532,7 +2551,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ @@ -63390,7 +63365,7 @@ index 65233a5..82ac953 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2477,7 +2496,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2547,7 +2566,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) kfree(new_ns); return ERR_PTR(ret); } @@ -63399,7 +63374,7 @@ index 65233a5..82ac953 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2487,7 +2506,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2557,7 +2576,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -63408,7 +63383,7 @@ index 65233a5..82ac953 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2608,8 +2627,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2678,8 +2697,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -63419,7 +63394,7 @@ index 65233a5..82ac953 100644 { int ret; char *kernel_type; -@@ -2722,6 +2741,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2792,6 +2811,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -63431,7 +63406,7 @@ index 65233a5..82ac953 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -2990,7 +3014,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -3060,7 +3084,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -64368,7 +64343,7 @@ index 2183fcf..3c32a98 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 656e401..b5b86b9 100644 +index baf3464..6873520 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -64379,7 +64354,7 @@ index 656e401..b5b86b9 100644 #include <linux/proc_fs.h> #include <linux/ioport.h> #include <linux/uaccess.h> -@@ -356,6 +357,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) +@@ -347,6 +348,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) seq_putc(m, '\n'); } @@ -64401,7 +64376,7 @@ index 656e401..b5b86b9 100644 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -@@ -374,9 +390,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -365,9 +381,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); @@ -64426,7 +64401,7 @@ index 656e401..b5b86b9 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -398,6 +429,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -389,6 +420,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, char tcomm[sizeof(task->comm)]; unsigned long flags; @@ -64440,7 +64415,7 @@ index 656e401..b5b86b9 100644 state = *get_task_state(task); vsize = eip = esp = 0; permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); -@@ -468,6 +506,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -459,6 +497,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task_gtime(task); } @@ -64460,7 +64435,7 @@ index 656e401..b5b86b9 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -504,9 +555,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -495,9 +546,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', vsize); seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0); seq_put_decimal_ull(m, ' ', rsslim); @@ -64476,7 +64451,7 @@ index 656e401..b5b86b9 100644 seq_put_decimal_ull(m, ' ', esp); seq_put_decimal_ull(m, ' ', eip); /* The signal information here is obsolete. -@@ -528,7 +585,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -519,7 +576,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); @@ -64489,7 +64464,7 @@ index 656e401..b5b86b9 100644 seq_put_decimal_ull(m, ' ', mm->start_data); seq_put_decimal_ull(m, ' ', mm->end_data); seq_put_decimal_ull(m, ' ', mm->start_brk); -@@ -566,8 +627,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -557,8 +618,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -64506,7 +64481,7 @@ index 656e401..b5b86b9 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -590,6 +658,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -581,6 +649,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -79029,10 +79004,10 @@ index 17e7e82..1d7da26 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index 84b13ad..d7b6550 100644 +index aa93e5e..18bb953 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -212,8 +212,13 @@ extern bool capable(int cap); +@@ -215,8 +215,13 @@ extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); @@ -79500,7 +79475,7 @@ index 653589e..4ef254a 100644 return c | 0x20; } diff --git a/include/linux/dcache.h b/include/linux/dcache.h -index bf72e9a..4ca7927 100644 +index 3b50cac..71a4cec 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -133,7 +133,7 @@ struct dentry { @@ -82499,10 +82474,10 @@ index c3eb102..073c4a6 100644 .ops = ¶m_ops_##type, \ .elemsize = sizeof(array[0]), .elem = array }; \ diff --git a/include/linux/mount.h b/include/linux/mount.h -index 839bac2..a96b37c 100644 +index b0c1e65..fd6baf1 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h -@@ -59,7 +59,7 @@ struct vfsmount { +@@ -66,7 +66,7 @@ struct vfsmount { struct dentry *mnt_root; /* root of the mounted tree */ struct super_block *mnt_sb; /* pointer to superblock */ int mnt_flags; @@ -85566,10 +85541,10 @@ index 52beadf..598734c 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index b4f1eff..7fdbd46 100644 +index 409fafb..efc53b0 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -180,9 +180,9 @@ struct scsi_device { +@@ -181,9 +181,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -86866,7 +86841,7 @@ index 8d6e145..33e0b1e 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 0c9dc86..a891393 100644 +index 2c0ecd1..80d068a 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -122,7 +122,7 @@ u32 audit_sig_sid = 0; @@ -86928,7 +86903,7 @@ index 619b58d..e58d957 100644 task->sessionid = sessionid; task->loginuid = loginuid; diff --git a/kernel/capability.c b/kernel/capability.c -index 1191a44..7c81292 100644 +index 00adb21..d5954a8 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -86941,7 +86916,7 @@ index 1191a44..7c81292 100644 if (copy_to_user(dataptr, kdata, tocopy * sizeof(struct __user_cap_data_struct))) { return -EFAULT; -@@ -303,10 +306,11 @@ bool has_ns_capability(struct task_struct *t, +@@ -307,10 +310,11 @@ bool has_ns_capability(struct task_struct *t, int ret; rcu_read_lock(); @@ -86955,7 +86930,7 @@ index 1191a44..7c81292 100644 } /** -@@ -343,10 +347,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, +@@ -347,10 +351,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, int ret; rcu_read_lock(); @@ -86968,7 +86943,7 @@ index 1191a44..7c81292 100644 } /** -@@ -384,7 +388,7 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -388,7 +392,7 @@ bool ns_capable(struct user_namespace *ns, int cap) BUG(); } @@ -86977,7 +86952,7 @@ index 1191a44..7c81292 100644 current->flags |= PF_SUPERPRIV; return true; } -@@ -392,6 +396,21 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -396,6 +400,21 @@ bool ns_capable(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable); @@ -86999,7 +86974,7 @@ index 1191a44..7c81292 100644 /** * file_ns_capable - Determine if the file's opener had a capability in effect * @file: The file we want to check -@@ -432,6 +451,12 @@ bool capable(int cap) +@@ -436,6 +455,12 @@ bool capable(int cap) } EXPORT_SYMBOL(capable); @@ -87012,7 +86987,7 @@ index 1191a44..7c81292 100644 /** * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped * @inode: The inode in question -@@ -449,3 +474,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) +@@ -453,3 +478,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) kgid_has_mapping(ns, inode->i_gid); } EXPORT_SYMBOL(capable_wrt_inode_uidgid); @@ -92491,7 +92466,7 @@ index e3be87e..7480b36 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 0954450..1e3e687 100644 +index a53f1bb..0e70660 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -92731,7 +92706,7 @@ index 0954450..1e3e687 100644 } return overruns; -@@ -3518,8 +3532,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3513,8 +3527,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -92742,7 +92717,7 @@ index 0954450..1e3e687 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3553,7 +3567,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3548,7 +3562,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -92751,7 +92726,7 @@ index 0954450..1e3e687 100644 /* * Here's the tricky part. -@@ -4123,8 +4137,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4120,8 +4134,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -92762,7 +92737,7 @@ index 0954450..1e3e687 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4134,14 +4148,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4131,14 +4145,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -92781,7 +92756,7 @@ index 0954450..1e3e687 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4546,8 +4560,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4543,8 +4557,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -93104,34 +93079,6 @@ index 48140e3..de854e5 100644 obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o ifneq ($(CONFIG_HAVE_DEC_LOCK),y) -diff --git a/lib/assoc_array.c b/lib/assoc_array.c -index c0b1007..2404d03 100644 ---- a/lib/assoc_array.c -+++ b/lib/assoc_array.c -@@ -1723,11 +1723,13 @@ ascend_old_tree: - shortcut = assoc_array_ptr_to_shortcut(ptr); - slot = shortcut->parent_slot; - cursor = shortcut->back_pointer; -+ if (!cursor) -+ goto gc_complete; - } else { - slot = node->parent_slot; - cursor = ptr; - } -- BUG_ON(!ptr); -+ BUG_ON(!cursor); - node = assoc_array_ptr_to_node(cursor); - slot++; - goto continue_node; -@@ -1735,7 +1737,7 @@ ascend_old_tree: - gc_complete: - edit->set[0].to = new_root; - assoc_array_apply_edit(edit); -- edit->array->nr_leaves_on_tree = nr_leaves_on_tree; -+ array->nr_leaves_on_tree = nr_leaves_on_tree; - return 0; - - enomem: diff --git a/lib/average.c b/lib/average.c index 114d1be..ab0350c 100644 --- a/lib/average.c @@ -99354,7 +99301,7 @@ index 6afa3b4..7a14180 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index 27ae841..e5a8343 100644 +index 06a7a76..86dd829 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -625,7 +625,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, @@ -99405,7 +99352,7 @@ index 27ae841..e5a8343 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 3c2d3e4..884855a 100644 +index a0050de..59c6178 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -672,7 +672,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c @@ -99592,342 +99539,8 @@ index b543470..d2ddae2 100644 if (!can_dir) { printk(KERN_INFO "can: failed to create /proc/net/can . " -diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c -index 96238ba..de6662b 100644 ---- a/net/ceph/auth_x.c -+++ b/net/ceph/auth_x.c -@@ -13,8 +13,6 @@ - #include "auth_x.h" - #include "auth_x_protocol.h" - --#define TEMP_TICKET_BUF_LEN 256 -- - static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed); - - static int ceph_x_is_authenticated(struct ceph_auth_client *ac) -@@ -64,7 +62,7 @@ static int ceph_x_encrypt(struct ceph_crypto_key *secret, - } - - static int ceph_x_decrypt(struct ceph_crypto_key *secret, -- void **p, void *end, void *obuf, size_t olen) -+ void **p, void *end, void **obuf, size_t olen) - { - struct ceph_x_encrypt_header head; - size_t head_len = sizeof(head); -@@ -75,8 +73,14 @@ static int ceph_x_decrypt(struct ceph_crypto_key *secret, - return -EINVAL; - - dout("ceph_x_decrypt len %d\n", len); -- ret = ceph_decrypt2(secret, &head, &head_len, obuf, &olen, -- *p, len); -+ if (*obuf == NULL) { -+ *obuf = kmalloc(len, GFP_NOFS); -+ if (!*obuf) -+ return -ENOMEM; -+ olen = len; -+ } -+ -+ ret = ceph_decrypt2(secret, &head, &head_len, *obuf, &olen, *p, len); - if (ret) - return ret; - if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC) -@@ -129,145 +133,154 @@ static void remove_ticket_handler(struct ceph_auth_client *ac, - kfree(th); - } - -+static int process_one_ticket(struct ceph_auth_client *ac, -+ struct ceph_crypto_key *secret, -+ void **p, void *end) -+{ -+ struct ceph_x_info *xi = ac->private; -+ int type; -+ u8 tkt_struct_v, blob_struct_v; -+ struct ceph_x_ticket_handler *th; -+ void *dbuf = NULL; -+ void *dp, *dend; -+ int dlen; -+ char is_enc; -+ struct timespec validity; -+ struct ceph_crypto_key old_key; -+ void *ticket_buf = NULL; -+ void *tp, *tpend; -+ struct ceph_timespec new_validity; -+ struct ceph_crypto_key new_session_key; -+ struct ceph_buffer *new_ticket_blob; -+ unsigned long new_expires, new_renew_after; -+ u64 new_secret_id; -+ int ret; -+ -+ ceph_decode_need(p, end, sizeof(u32) + 1, bad); -+ -+ type = ceph_decode_32(p); -+ dout(" ticket type %d %s\n", type, ceph_entity_type_name(type)); -+ -+ tkt_struct_v = ceph_decode_8(p); -+ if (tkt_struct_v != 1) -+ goto bad; -+ -+ th = get_ticket_handler(ac, type); -+ if (IS_ERR(th)) { -+ ret = PTR_ERR(th); -+ goto out; -+ } -+ -+ /* blob for me */ -+ dlen = ceph_x_decrypt(secret, p, end, &dbuf, 0); -+ if (dlen <= 0) { -+ ret = dlen; -+ goto out; -+ } -+ dout(" decrypted %d bytes\n", dlen); -+ dp = dbuf; -+ dend = dp + dlen; -+ -+ tkt_struct_v = ceph_decode_8(&dp); -+ if (tkt_struct_v != 1) -+ goto bad; -+ -+ memcpy(&old_key, &th->session_key, sizeof(old_key)); -+ ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); -+ if (ret) -+ goto out; -+ -+ ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); -+ ceph_decode_timespec(&validity, &new_validity); -+ new_expires = get_seconds() + validity.tv_sec; -+ new_renew_after = new_expires - (validity.tv_sec / 4); -+ dout(" expires=%lu renew_after=%lu\n", new_expires, -+ new_renew_after); -+ -+ /* ticket blob for service */ -+ ceph_decode_8_safe(p, end, is_enc, bad); -+ if (is_enc) { -+ /* encrypted */ -+ dout(" encrypted ticket\n"); -+ dlen = ceph_x_decrypt(&old_key, p, end, &ticket_buf, 0); -+ if (dlen < 0) { -+ ret = dlen; -+ goto out; -+ } -+ tp = ticket_buf; -+ dlen = ceph_decode_32(&tp); -+ } else { -+ /* unencrypted */ -+ ceph_decode_32_safe(p, end, dlen, bad); -+ ticket_buf = kmalloc(dlen, GFP_NOFS); -+ if (!ticket_buf) { -+ ret = -ENOMEM; -+ goto out; -+ } -+ tp = ticket_buf; -+ ceph_decode_need(p, end, dlen, bad); -+ ceph_decode_copy(p, ticket_buf, dlen); -+ } -+ tpend = tp + dlen; -+ dout(" ticket blob is %d bytes\n", dlen); -+ ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); -+ blob_struct_v = ceph_decode_8(&tp); -+ new_secret_id = ceph_decode_64(&tp); -+ ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); -+ if (ret) -+ goto out; -+ -+ /* all is well, update our ticket */ -+ ceph_crypto_key_destroy(&th->session_key); -+ if (th->ticket_blob) -+ ceph_buffer_put(th->ticket_blob); -+ th->session_key = new_session_key; -+ th->ticket_blob = new_ticket_blob; -+ th->validity = new_validity; -+ th->secret_id = new_secret_id; -+ th->expires = new_expires; -+ th->renew_after = new_renew_after; -+ dout(" got ticket service %d (%s) secret_id %lld len %d\n", -+ type, ceph_entity_type_name(type), th->secret_id, -+ (int)th->ticket_blob->vec.iov_len); -+ xi->have_keys |= th->service; -+ -+out: -+ kfree(ticket_buf); -+ kfree(dbuf); -+ return ret; -+ -+bad: -+ ret = -EINVAL; -+ goto out; -+} -+ - static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, - struct ceph_crypto_key *secret, - void *buf, void *end) - { -- struct ceph_x_info *xi = ac->private; -- int num; - void *p = buf; -- int ret; -- char *dbuf; -- char *ticket_buf; - u8 reply_struct_v; -+ u32 num; -+ int ret; - -- dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); -- if (!dbuf) -- return -ENOMEM; -- -- ret = -ENOMEM; -- ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); -- if (!ticket_buf) -- goto out_dbuf; -- -- ceph_decode_need(&p, end, 1 + sizeof(u32), bad); -- reply_struct_v = ceph_decode_8(&p); -+ ceph_decode_8_safe(&p, end, reply_struct_v, bad); - if (reply_struct_v != 1) -- goto bad; -- num = ceph_decode_32(&p); -+ return -EINVAL; -+ -+ ceph_decode_32_safe(&p, end, num, bad); - dout("%d tickets\n", num); -+ - while (num--) { -- int type; -- u8 tkt_struct_v, blob_struct_v; -- struct ceph_x_ticket_handler *th; -- void *dp, *dend; -- int dlen; -- char is_enc; -- struct timespec validity; -- struct ceph_crypto_key old_key; -- void *tp, *tpend; -- struct ceph_timespec new_validity; -- struct ceph_crypto_key new_session_key; -- struct ceph_buffer *new_ticket_blob; -- unsigned long new_expires, new_renew_after; -- u64 new_secret_id; -- -- ceph_decode_need(&p, end, sizeof(u32) + 1, bad); -- -- type = ceph_decode_32(&p); -- dout(" ticket type %d %s\n", type, ceph_entity_type_name(type)); -- -- tkt_struct_v = ceph_decode_8(&p); -- if (tkt_struct_v != 1) -- goto bad; -- -- th = get_ticket_handler(ac, type); -- if (IS_ERR(th)) { -- ret = PTR_ERR(th); -- goto out; -- } -- -- /* blob for me */ -- dlen = ceph_x_decrypt(secret, &p, end, dbuf, -- TEMP_TICKET_BUF_LEN); -- if (dlen <= 0) { -- ret = dlen; -- goto out; -- } -- dout(" decrypted %d bytes\n", dlen); -- dend = dbuf + dlen; -- dp = dbuf; -- -- tkt_struct_v = ceph_decode_8(&dp); -- if (tkt_struct_v != 1) -- goto bad; -- -- memcpy(&old_key, &th->session_key, sizeof(old_key)); -- ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); -+ ret = process_one_ticket(ac, secret, &p, end); - if (ret) -- goto out; -- -- ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); -- ceph_decode_timespec(&validity, &new_validity); -- new_expires = get_seconds() + validity.tv_sec; -- new_renew_after = new_expires - (validity.tv_sec / 4); -- dout(" expires=%lu renew_after=%lu\n", new_expires, -- new_renew_after); -- -- /* ticket blob for service */ -- ceph_decode_8_safe(&p, end, is_enc, bad); -- tp = ticket_buf; -- if (is_enc) { -- /* encrypted */ -- dout(" encrypted ticket\n"); -- dlen = ceph_x_decrypt(&old_key, &p, end, ticket_buf, -- TEMP_TICKET_BUF_LEN); -- if (dlen < 0) { -- ret = dlen; -- goto out; -- } -- dlen = ceph_decode_32(&tp); -- } else { -- /* unencrypted */ -- ceph_decode_32_safe(&p, end, dlen, bad); -- ceph_decode_need(&p, end, dlen, bad); -- ceph_decode_copy(&p, ticket_buf, dlen); -- } -- tpend = tp + dlen; -- dout(" ticket blob is %d bytes\n", dlen); -- ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); -- blob_struct_v = ceph_decode_8(&tp); -- new_secret_id = ceph_decode_64(&tp); -- ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); -- if (ret) -- goto out; -- -- /* all is well, update our ticket */ -- ceph_crypto_key_destroy(&th->session_key); -- if (th->ticket_blob) -- ceph_buffer_put(th->ticket_blob); -- th->session_key = new_session_key; -- th->ticket_blob = new_ticket_blob; -- th->validity = new_validity; -- th->secret_id = new_secret_id; -- th->expires = new_expires; -- th->renew_after = new_renew_after; -- dout(" got ticket service %d (%s) secret_id %lld len %d\n", -- type, ceph_entity_type_name(type), th->secret_id, -- (int)th->ticket_blob->vec.iov_len); -- xi->have_keys |= th->service; -+ return ret; - } - -- ret = 0; --out: -- kfree(ticket_buf); --out_dbuf: -- kfree(dbuf); -- return ret; -+ return 0; - - bad: -- ret = -EINVAL; -- goto out; -+ return -EINVAL; - } - - static int ceph_x_build_authorizer(struct ceph_auth_client *ac, -@@ -583,13 +596,14 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, - struct ceph_x_ticket_handler *th; - int ret = 0; - struct ceph_x_authorize_reply reply; -+ void *preply = &reply; - void *p = au->reply_buf; - void *end = p + sizeof(au->reply_buf); - - th = get_ticket_handler(ac, au->service); - if (IS_ERR(th)) - return PTR_ERR(th); -- ret = ceph_x_decrypt(&th->session_key, &p, end, &reply, sizeof(reply)); -+ ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply)); - if (ret < 0) - return ret; - if (ret != sizeof(reply)) diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 988721a..947846d 100644 +index 0a31298..241da43 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con); @@ -99948,26 +99561,6 @@ index 988721a..947846d 100644 s = addr_str[i]; switch (ss->ss_family) { -diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c -index 2ac9ef3..dbcbf5a 100644 ---- a/net/ceph/mon_client.c -+++ b/net/ceph/mon_client.c -@@ -1041,7 +1041,15 @@ static struct ceph_msg *mon_alloc_msg(struct ceph_connection *con, - if (!m) { - pr_info("alloc_msg unknown type %d\n", type); - *skip = 1; -+ } else if (front_len > m->front_alloc_len) { -+ pr_warning("mon_alloc_msg front %d > prealloc %d (%u#%llu)\n", -+ front_len, m->front_alloc_len, -+ (unsigned int)con->peer_name.type, -+ le64_to_cpu(con->peer_name.num)); -+ ceph_msg_put(m); -+ m = ceph_msg_new(type, front_len, GFP_NOFS, false); - } -+ - return m; - } - diff --git a/net/compat.c b/net/compat.c index cbc1a2a..ab7644e 100644 --- a/net/compat.c @@ -106197,10 +105790,10 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..40b1edb 100644 +index beb86b5..9becb4a 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,957 @@ +@@ -4,6 +4,965 @@ menu "Security options" @@ -106789,6 +106382,14 @@ index beb86b5..40b1edb 100644 + that is, enabling this option will make it harder to inject + and execute 'foreign' code in kernel memory itself. + ++ Note that on amd64, CONFIG_EFI enabled with "efi=old_map" on ++ the kernel command-line will result in an RWX physical map. ++ ++ Likewise, the EFI runtime services are necessarily mapped as ++ RWX. If CONFIG_EFI is enabled on an EFI-capable system, it ++ is recommended that you boot with "noefi" on the kernel ++ command-line if possible to eliminate the mapping. ++ +choice + prompt "Return Address Instrumentation Method" + default PAX_KERNEXEC_PLUGIN_METHOD_BTS @@ -107158,7 +106759,7 @@ index beb86b5..40b1edb 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1054,7 @@ config INTEL_TXT +@@ -103,7 +1062,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -107225,10 +106826,10 @@ index 4257b7e..2d0732d 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index b9d613e..f68305c 100644 +index 963dc59..12ebd0c 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data +@@ -427,6 +427,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data return 0; } @@ -107261,7 +106862,7 @@ index b9d613e..f68305c 100644 /* * Attempt to get the on-exec apply capability sets for an executable file from * its xattrs and, if present, apply them to the proposed credentials being -@@ -592,6 +618,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -595,6 +621,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) const struct cred *cred = current_cred(); kuid_t root_uid = make_kuid(cred->user_ns, 0); @@ -111998,7 +111599,7 @@ index 0000000..1ae2ed5 + +targets += size_overflow_hash.h size_overflow_hash_aux.h diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh -new file mode 100644 +new file mode 100755 index 0000000..12b1e3b --- /dev/null +++ b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh @@ -116307,10 +115908,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..4077712 +index 0000000..38b3d62 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5988 @@ +@@ -0,0 +1,5989 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -121066,6 +120667,7 @@ index 0000000..4077712 +nsm_get_handle_52089 nsm_get_handle 4 52089 NULL +ulist_add_merge_52096 ulist_add_merge 0 52096 NULL +o2net_debug_read_52105 o2net_debug_read 3 52105 NULL ++smsdvb_stats_read_52114 smsdvb_stats_read 3 52114 NULL +split_scan_timeout_write_52128 split_scan_timeout_write 3 52128 NULL +retry_count_read_52129 retry_count_read 3 52129 NULL +xfs_btree_change_owner_52137 xfs_btree_change_owner 0 52137 NULL |